A METHOD AND A SYSTEM FOR RESPONDING TO A REQUEST FOR
ACCESS TO AN APPLICATION SERVICE



Technical Field 

The present invention relates to a method and a
server for responding to a request for access to an
application service, which service is deployed in a
system that associates specific areas of a position coded
surface with corresponding application services.

Background of the Invention 

The applicant of the present invention has developed
a system infrastructure in which use is made of products
having writing surfaces that are provided with a position
code. Digital devices, preferably in the form of digital
pens, are used for writing on the writing surface while
at the same time being able to detect positions of the
position coded surface. The digital device detects the
position code by means of a sensor and calculates
positions corresponding to written pen strokes.

An area of the position code, such as an area
associated with a product, typically has one or more
activation icons, also known as magic boxes, which, when
detected by the digital device, cause the pen to initiate
a respective predetermined operation which utilises the
information recorded by the device from the position
coded surface.

More specifically, the position-coded surface has a
built-in functionality, in that different positions on a
confined area of the surface on a product, such as
positions within the activation icon and positions within
the writing surface, are dedicated for different
functions. The position code is capable of coding
co-ordinates of a large number of positions, much larger
than the number of necessary positions on a surface area


wo 2004/061732 PCT/SE2003/002069 

of one single product. Thus, the position code can be
seen as forming a virtual surface which is defined by all
positions that the position code is capable of coding,
different positions on the virtual surface being
dedicated for different functions, or services, and/or
actors.

The system includes, in addition to the digital
devices and a plurality of position coded products, at
least one look-up server running a service called a paper
look-up service, PLS, and a plurality of application
servers acting as actors or Application Service Handlers
ASH in the system and executing application services.

The look-up server uses a database to manage the
virtual surface defined by the position code and the
information related to this virtual surface, i.e. the
functionality of every position on the virtual surface
and the actor, associated with each such position.
Different areas, or regions, on the virtual surface are
by the paper look-up service associated with respective
particulars and/or data by means of management rules. In
response to receipt of information from a digital device,
which information corresponds to at least one position on
the virtual surface, the PLS is arranged to identify to
which area the coordinates of the position or positions
belong and to determine how the information is to be
managed based on the management rules for that area.

The application server is a server effecting a
service on behalf of a digital device, such as storing or
relaying digital information, initiating transmission of
information or items to a recipient etc.

The above described position coded surface and the
overall system with its operation and its enabling
support of various functions and services to digital
devices are further described in the published patent
applications US2002/0091711, US2003/0046256 and
US2003/0061188, all of which have been filed by the
present applicant and all of which are incorporated
herein by reference. It is to be noted that other types
of position codes are equally possible within the scope
of the present invention.

The above described system is beneficial for an 
enterprise or a government authority that wants to use 
the functionality of the system for improving internal 
processes and workflows. By using the described system, 
an enterprise will be able to turn information entered by 
means of pen and paper into useful digital data. Such a 
process for transferring paper based information to 
digital data will save the enterprise a considerable 
amount of labour and time, and in the end a considerable 
amount of money. 

However, there are some drawbacks associated with
the above system if an enterprise wants to adopt the
system while at the same time, for security reasons,
retaining full control over its usage. Some of these
drawbacks can be derived from the fact that the above
described paper look-up service is a global service, i.e.
a global paper look-up service, G-PLS, that services a
number of different actors and that is operated by an
external party, typically by the party determining the
allocation of different areas of the position coded
surface to different functions and different actors.

The enterprise can gain more or less full control
over any application services which are for exclusive use
by the enterprise and its associated pens if the
application services are hosted on e.g. an intranet,
without any participation of the global paper look-up
service in the execution of the specific application
service. However, the enterprise would still be dependent
on an established communication with the global PLS, such
as over the Internet, in order for the look-ups from the
digital devices, or pens, to be managed correctly and in
order to direct a device to a specific application
service. Thus, the enterprise will not be in control of
general digital device usage, such as look-ups being
performed, nor will it then be able to control the
digital device's access to externally available services,
since such services could be accessed by the digital
devices via the global PLS.


Summary of the Invention 

An object of the present invention is to provide a
method and a server that offers an enterprise increased
control and security, in terms of general system usage
and service usage, when adopting the principles of a
position coded paper based system of the kind described
above.

According to the invention, this object is achieved
by a method having the features as defined in independent
claim 1 and by an enterprise paper look-up server having
the features as defined in independent claim 16.
Preferred embodiments of the invention are defined in the
dependent claims.

The invention is based on the idea that instead of
relying on a global paper look-up service for managing
information and controlling and invoking application
services, an enterprise paper look-up service is provided
which manages a confined set of enterprise application
services associated with respective areas included by the
overall position coded surface. When receiving a request
that includes address information of such an area, the
enterprise paper look-up service, E-PLS, checks if the
area address is associated with a service that the E-PLS
manages. The E-PLS also checks if the originator of the
request has the right to access the enterprise
application service. If the area address is not
associated with a service managed by the E-PLS, the
request is routed to a second paper look-up service.

This solution provides a number of advantages. The
solution improves security since it enables the
enterprise paper look-up service to operate independently
of the global PLS, and therefore only requires
communication within an internal network of the
enterprise, to which network one or more enterprise paper
look-up services and servers executing enterprise
application services are connected. Thus, the enterprise
does not need to communicate with a global PLS over the
Internet. By not including Internet resources in the
solution the security and control of the system is not
jeopardized. Should it be desired to be able to
communicate with the global PLS, such communication can
be greatly restricted and carefully monitored by means of
communication via an enterprise firewall. Also, the
system can more easily be adapted to any existing
security framework of the enterprise.

Furthermore, the enterprise will be in full control
over what services that can be accessed by the digital
devices, and thus in full control over the usage of the
digital devices in the system. It is the enterprise that
on its own determines what confined set of services that
are managed by the enterprise look-up service and what
specific further look-up service a service request may be
routed to. In addition to the fact that this gives the
enterprise control over what services that are, and can
be, used, it also facilitates the control of costs
generated by the system usage. The solution enables an
enterprise centralized administration, and enables
introduction of new services and maintenance of services
to be performed easily and efficiently by the enterprise,
since the services are managed centrally and provided so
as to be accessible to all digital devices associated
with the enterprise.

Advantageously, the E-PLS checks if an originator of
a request for access to a service has the right to route
a request via the present E-PLS to a second PLS, before
such routing is performed. The right may be controlled
by, e.g., different security levels associated with the
services of the second PLS or the second PLS in itself.
This second PLS may be an E-PLS of another organisational
part of the same enterprise, an E-PLS of another
enterprise, or the global PLS. Thus, regardless of
whether the originator is a digital device or another
E-PLS, this makes it possible to enable, or disable, the
access to an E-PLS of another organisational part of the
same enterprise, an E-PLS of another enterprise, or to
the global PLS if such a communication path is possible.

Furthermore, the E-PLS advantageously checks, if the
received request for access to a service is determined to
relate to a service managed by the E-PLS itself, that the
digital device has the right to access this specific
service, before granting access to the service. Thus, the
enterprise will be able to control what digital device,
or group of digital devices, that is/are allowed to
access what service. Similarly, the E-PLS may check if a
certain other E-PLS has the right to route a request for
access to a service managed by the E-PLS in case the
request is received from such other E-PLS.

Further features and advantages of the invention
will become more readily apparent from the following
detailed description of a number of exemplifying
embodiments of the invention. As is understood, various
modifications, alterations and different combinations of
features coming within the spirit and scope of the
invention will become apparent to those skilled in the
art when studying the general teaching set forth herein
and the following detailed description.

Brief Description of the Drawings 
Exemplifying embodiments of the present invention
will now be described with reference to the accompanying
drawings, in which:

Fig. 1 schematically shows an exemplifying system
infrastructure developed by the applicant of the present
invention;

Fig. 2 schematically shows a system which includes
an exemplifying embodiment of the present invention;

Fig. 3 shows an enterprise paper look-up server in
accordance with an exemplifying embodiment of the
invention;

Fig. 4 schematically shows an exemplifying overall
operation which includes the operation of an embodiment
of the invention; and

Fig. 5 is a flow chart of the operation in
accordance with an exemplifying embodiment of the
invention.


Detailed Description of the Invention 

Fig. 1 shows the system infrastructure developed by
the applicant of the present invention. This
infrastructure has been described above in the background
section and will be further described below.

The system in Fig. 1 comprises digital pens 100
implementing digital devices and a plurality of products
110 with a position code (not shown) covering a writing
surface 120 and an activation icon 125. In the figure,
only one digital pen and one product are shown. The
system further comprises a network connection unit 130, a
paper look-up server 140 running a paper look-up service,
PLS, an application server 150 running an application
service of a third party and an application server 160
running a number of standardized application services in
the system. In Fig. 1 the network connection unit 130 is
exemplified with a mobile station, however, the unit 130
could alternatively be a personal digital assistant (PDA)
or some other suitable electronic device. Typically, the
described system will in addition to a plurality of
digital devices 100 and products 110 include a plurality
of network connection units 130 and a plurality of
application servers 150, 160.

By detecting symbols of the coding pattern on the
product 110, the digital pen is able to determine one or
more absolute co-ordinates of the total, virtual surface
that can be coded by the coding pattern.

The total surface is advantageously divided into a
number of segments, each segment being divided into a
number of shelves, each shelf being divided into a number
of books, and each book being divided into a number of
pages. An absolute co-ordinate, i.e. a global position on
the total, virtual surface, will by the digital pen be
determined to be located on a certain page, which page
may be regarded as a logical page having local positions.
The page may be identified using the format 1.2.3.4
(segment.shelf.book.page), which denotes page 4 of book
3, on shelf 2, in segment 1. This notation defines a page
address. An area address may typically be defined by a
page address. However, an area address may also define a
larger area by means of a book address, e.g. 1.2.3.x,
where x denotes all pages of the specific book, a shelf
address, 1.2.x.x, or a segment address, 1.x.x.x. It is to
be understood that other addressing schemes are equally
possible and that such addressing schemes also would fall
within the scope of the present invention.

When the user moves the digital pen 100 across the
surface of the product 110, information is recorded by
detecting code symbols on the surface and determining the
corresponding absolute co-ordinates. This is accomplished
by means of a sensor and various memory and processing
circuitry included within the pen 100. These absolute
co-ordinates, or the area address, typically the page
address, to which the co-ordinates belong, are
communicated via the mobile station 130, a mobile
communications network 170 and the Internet 180 to the
paper look-up service 140. Alternatively, the
co-ordinates are communicated to a local paper look-up
service running on a personal computer, PC, 190 in the
close neighbourhood of the digital pen. If the personal
computer and the digital pen are equipped with Bluetooth®
transceivers, the digital pen 100 may communicate
directly with the PC running the local PLS.

The local PLS is responsible for managing and
providing local standardized application services, such
as an e-mail application, a calendar application, an
application for taking notes etc. The local PC 190 stores
particulars about co-ordinates and pages of one or more
confined surface areas and manages services on behalf of
one or a very limited number of digital pens. The paper
look-up service running on server 140 on the other hand
is global and stores, in a memory or in a connected
database (not shown), particulars about all the co-ordinates
of the total surface. This also includes storing
particulars about the pages in which the total surface is
divided. Both the global and the local paper look-up
service process received information, which at least
include co-ordinate content or page address content, in
accordance with the management rules that have been
associated with a particular co-ordinate or a particular
page address.

For a user of a digital pen, the system is simple to
use as the user does not himself need to define how
recorded information/positions are to be managed. When
the user initiates a communication session for
transmission of information, the management of this
information is controlled based on the co-ordinates that
the user records and/or the page address on which the
information was recorded by means of the digital pen 100.

When the user of the digital pen 100 wishes to
initiate transmission of information he "ticks" the
activation icon 125. The recording of at least one
position of the activation icon will then be recognised
by the digital pen 100 as a co-ordinate of a send area,
which send area is associated with a particular send
instruction. By default, this send instruction includes
the address of a predefined paper look-up service, either
the global service of server 140 or the local service of
the PC 190. Alternatively, two send areas may exist, one
associated with the global service and one with the local
service.

The digital pen 100 and the global/local paper
look-up service communicate by means of a pen protocol which
is a proprietary protocol of the applicant of the present
invention. For a more detailed description of the pen
protocol and the communication between a digital pen and
a paper look-up service reference is made to the patent
application US2003/0055865, which is incorporated herein
by reference.

Fig. 2 schematically shows a system which includes
an embodiment of the present invention. The system has a
hierarchical configuration with three enterprise paper
look-up servers 200, 210, 220, executing respective
enterprise paper look-up services E-PLS1, E-PLS2, E-PLS3,
and three application servers 205, 215, 225, executing
respective confined sets of enterprise application
services E-AS1, E-AS2, E-AS3.

Each enterprise service manages its own pens 207,
217, 227, registered with the service and its own
application services. Typically, an enterprise paper
look-up service manages enterprise application services
that are executed on an application server which is
connected to the server of the enterprise paper look-up
service over a local area network. Thus, E-PLS1, with
which pens 207 are registered, and which executes on
server 200, manages E-AS1 executing on server 205, and
E-PLS2, with which pens 217 are registered, manages E-AS2,
and so on.

Fig. 2 also depicts a global paper look-up server
230 executing a global paper look-up service, G-PLS, and
an application server 235 executing application services
which also can be regarded as being global, and therefore
denoted G-AS. In the figure, E-PLS2 is able to
communicate with the G-PLS over an enterprise firewall
240 and the Internet 250.

The operation of an enterprise paper look-up service
is similar to that of the global paper look-up service,
the latter sometimes only referred to herein as paper
look-up service, PLS. The E-PLS distinguishes itself from
the G-PLS in that it, e.g., may be configured to only
communicate within a local area network (LAN) or to only
communicate within the LAN and with one or more specific
secondary E-PLSs outside the LAN. Such a secondary E-PLS
may belong to the same enterprise or a different
enterprise. Of course it is possible that the E-PLS and a
secondary E-PLS are connected to the same LAN or a same
Wide Area Network. In Fig. 2, even though not depicted,
E-PLS1 and E-AS1 could be connected to a LAN without any
connections to any other servers, and, thus, defining an
enterprise's 201 own, isolated, version of the system
infrastructure developed by the present applicant and as
described above. As a further example, E-PLS1, E-PLS2 and
E-PLS3 could be the PLSs of respective parts of the same
enterprise sharing the same LAN or having their own LANs
which are interconnected with each other.

Another difference between an E-PLS and the G-PLS is
that it is the enterprise itself that is responsible for
operation, maintenance, support and administration of its
own enterprise paper look-up server. Thus, the enterprise
itself administers the database used for storing
management rules related to its enterprise application
services, registration and maintenance of its associated
digital pens, availability of internal and external
application services, access rights to internal and
external application services etc.

It is more efficient for an enterprise to use an
E-PLS than to use a number of local paper look-up services.
If the enterprise were to use a number of PCs executing
local paper look-up services, access to general
application services within the enterprise could only be
accomplished with additional software on each client
machine executing the local PLS, something which makes
the system more difficult to support and administrate, in
particular in terms of adding nodes or services in the
system.

Furthermore, by using local PLSs, there would be no
simple way of accessing the enterprise services through
any other node than the PC implementing the local PLS,
something which would put limits on a pen user's
possibility to connect to the internal network and access
an enterprise application service via a mobile station
and a mobile communication network in a manner as
described above.

Advantageously, the communication between a digital
pen and an E-PLS is secure and based on, e.g., a
symmetric encryption key that is unique for each pen. The
E-PLS is also arranged to be able to perform
authentication of a digital pen. Similarly, the
communication between different E-PLSs, or possibly
involving the G-PLS, is secure by means of encryption
keys, and an E-PLS is able to authenticate another E-PLS.

In figure 2, the possibility of connecting E-PLSs in
a hierarchy has been illustrated. In this exemplified
hierarchy, an E-PLS is able to communicate with the G-PLS
over a firewall 240 and an external network in the form
of the Internet 250. The E-PLSs of the hierarchy could
belong to different enterprises or to different
divisions/departments within the same enterprise.

Fig. 3 shows an enterprise paper look-up server 300
in accordance with an exemplifying embodiment of the
invention. The E-PLS 300 shown in Fig. 3 may, e.g., be
configured to execute either one of the enterprise paper
look-up services E-PLS1, E-PLS2 or E-PLS3 in Fig. 2. The
enterprise paper look-up server 300 includes first
storing means 310, interface means 320, 340, second
interface means 330, second storing means 340 and
processing means 350. First and second storing means may
be implemented by means of any readily available memory
device, such as RAM, ROM or the like or a hard disk
drive. The different interface means may be implemented
by any kind of interface hardware circuitry which enables
the paper look-up server to communicate by means of a
TCP/IP protocol stack or any other protocol stack
implementing a commercial or proprietary protocol chosen
for the communication with the various entities as
described below. The processing means may be implemented
by any suitable, commercially available microprocessor,
or, alternatively, an Application Specific Integrated
Circuit, or corresponding circuit, specifically designed
for controlling the functioning of the paper look-up
server.

The processing means 350 executes a look-up service
which, in correspondence with the operation of a G-PLS,
operates to map a certain area of the coding pattern, such
as the area defining an activation icon, to a network
address, such as a URL on an Intranet, for a certain
application service. A database 360 accessed by the
processing means is used for storing management rules and
various data defining and controlling associations
between different coded surface areas and different
enterprise application services managed by E-PLS 300. The
database 360 also stores information controlling which
pens have the right to access which services.

In a simple configuration, the first storing means
310 is implemented by means of a table in which an area
address entry of the table corresponds to a specific URL
of an application service associated with the area
address. The table is either stored in a separate memory
circuit or in the database 360. For example, it is shown
in Fig. 3 that the surface area defined by all pages of
segment 1, shelf 2, book 4 (denoted 1.2.4.*) is
associated with URL 1, and that the specific page denoted
1.2.5.2 is associated with URL 2. URL 1 and URL 2 are the
network addresses of application services executed by the
same, or two different, enterprise application servers
connected to the same local enterprise network as the
E-PLS 300, i.e. to the same Intranet or at least the same
LAN.

The interface means 320 is a device interface which
is arranged to communicate with digital devices, e.g.
digital pens. As described above, this communication uses
a proprietary pen protocol, PP, which in turn uses the
proprietary secure pen protocol, SPP, and the hypertext
transfer protocol, http. Typically, this device interface
is used by the E-PLS 300 for receiving requests from its
registered digital pens, which requests include area
addresses defining certain position coded areas, and for
responding to the digital pens with information relating
to application services associated with these area
addresses, such information at least including the
network address, such as an URL, to be used for accessing
the service. This information may typically also include
such things as what kind of data that the device is
required to transmit to the application service in order
for the service to be executed, e.g. user data stored in
the pen or data recorded from a certain writing surface
area.

The interface means 340 is also known as an Inter
PLS look-up interface and is used for communication
between different PLSs. The Inter PLS look-up interface
340 is in the figure depicted as including stored
associations between different area addresses and
E-PLS/G-PLS. In practice, these associations are stored by
the second storing means being located anywhere in server
300 and accessible by the processing means 350, either in
a separate memory circuit or in the database 360.

The E-PLS 300 uses the Inter PLS look-up interface
340 when it cannot find an application service associated
with an area address of a received request in the first
storing means 310. The request is then routed to a second
PLS, either another E-PLS or the G-PLS, in accordance
with the associations stored by the second storing means
340. The routing is performed by the processing means 350
by way of operating on the second storing means 340.
Thus, the combination of the processing means 350 and the
second storing means 340 forms the routing means of the
E-PLS 300. The second storing means 340 may also include
a network address of a default E-PLS to which a request
may be routed. This default E-PLS may constitute the only
second E-PLS to which requests can be routed, or it can
co-exist with other secondary PLSs and be used when there
is no other secondary PLS that is associated with an area
address of the request which is to be routed.

Furthermore, the E-PLS may also receive requests
over the Inter PLS look-up interface, which requests have
been routed from another E-PLS. In the same way as when
receiving a request over the device interface 320, the
E-PLS 300 will check in the first storing means 310 for an
application service associated with the area address of
such a request from another E-PLS. If such application
service is found, the network address thereof is returned
to the requesting E-PLS. The E-PLS will also examine a
list of E-PLS identities received in a request. These
identities indicate which E-PLSs that have been traversed
by the request. If the E-PLS receiving the request finds
its own identity in the list, this indicates that a loop
has occurred among the E-PLSs. The request will then be
denied, thereby resolving the loop.

The parameters that the E-PLS 300 may receive in a
request, or look-up request, over the Inter PLS look-up
interface 340, and which has been routed from another
E-PLS, are exemplified in the non-exhaustive list below.

Request parameter    Description

requesterId          - the identity of the device.

transactionid        - the identity of the transaction
                       that triggered the request.

penid                - the identity of the pen
                       that triggered the request.

visitedIds           - the identities of the PLSs
                       traversed by the request.

pageAddress          - the page address derived
                       from the pen stroke that
                       triggered the request.

magicBoxId           - the identity of the activation
                       icon in which pen stroke were
                       made to trigger the request.

The information that the E-PLS may return over the
Inter PLS look-up interface 340 to the requesting E-PLS
is exemplified in the non-exhaustive list below.

Information element  Description

status               - indicates status of service,
                       e.g. locked, not active, not
                       found, access denied.

name                 - the name of the service as
                       presented to a pen user.

URL                  - the URL for the application
                       service.

security             - the level of security imposed
                       by the application service, e.g.
                       no security, or encryption with
                       supplied key.

ticket               - an authentication ticket if
                       such security is required.

key                  - a public key used if security
                       implies encryption.

read                 - data stored by the pen, so
                       called pen properties, which the
                       service can read.

mand                 - mandatory pen properties that
                       the service requires.

licensedPattern      - a page address defining what
                       surface area the service can
                       read from.

As is understood, the PLS associations stored in the
second storing means 340 are configurable and will define
the position of E-PLS 300 in a hierarchy of E-PLSs. Thus,
by means of the second storing means and the Inter PLS
look-up interface, E-PLS 300 may be configured to operate
as either one of E-PLS1, E-PLS2 or E-PLS3 shown in Fig. 2.
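The look-up in the first storing means, the access-right and routing-right checks, the routing to a second PLS and the loop check on the traversed identities, described above for the E-PLS, can be sketched as follows. This is an added illustration and not code from the application; the class and function names, the "ok" status, the "reason" field, the pen identities and the intranet.example URLs are assumptions, and a routed request is assumed to be recognisable by a non-empty visitedIds list. Request keys are spelled as in the parameter list above.

```python
from dataclasses import dataclass, field

WILD = ("*", "x")  # the text writes area wildcards both as 1.2.4.* and as 1.2.3.x


def matches(area, page):
    """True if page address segment.shelf.book.page lies inside the area address."""
    a, p = area.split("."), page.split(".")
    return len(a) == len(p) == 4 and all(x in WILD or x == y for x, y in zip(a, p))


def most_specific(table, page):
    """Value of the matching entry with the fewest wildcards, or None."""
    hits = [k for k in table if matches(k, page)]
    if not hits:
        return None
    return table[min(hits, key=lambda k: sum(part in WILD for part in k.split(".")))]


def denied(reason):
    # "access denied" is a status named in the text; the "reason" field is an assumption.
    return {"status": "access denied", "reason": reason}


@dataclass
class EPLS:
    identity: str
    services: dict = field(default_factory=dict)      # first storing means: area -> service
    routes: dict = field(default_factory=dict)        # second storing means: area -> PLS
    default_route: "EPLS" = None                      # optional default second PLS
    routing_rights: set = field(default_factory=set)  # originators that may be routed on
    peer_rights: set = field(default_factory=set)     # E-PLSs that may reach our services

    def lookup(self, req):
        # Loop check: our own identity in visitedIds means the request has come back.
        if self.identity in req["visitedIds"]:
            return denied("loop")
        routed = bool(req["visitedIds"])  # assumption: non-empty list = came via a PLS
        svc = most_specific(self.services, req["pageAddress"])
        if svc is not None:
            if routed and req["requesterId"] not in self.peer_rights:
                return denied("requesting E-PLS not authorised")
            if req["penid"] not in svc["pens"]:
                return denied("pen not authorised for service")
            # "ok" is an assumed success status; the text lists only failure states.
            return {"status": "ok", "name": svc["name"], "URL": svc["URL"]}
        # Area not managed here: route only if the originator holds the routing right.
        if req["requesterId"] not in self.routing_rights:
            return denied("routing not permitted")
        nxt = most_specific(self.routes, req["pageAddress"]) or self.default_route
        if nxt is None:
            return {"status": "not found"}
        fwd = dict(req, requesterId=self.identity,
                   visitedIds=req["visitedIds"] + [self.identity])
        return nxt.lookup(fwd)


def pen_request(pen, page):
    """Look-up request as originated by a pen (constructed sample values)."""
    return {"requesterId": pen, "transactionid": "t-0001", "penid": pen,
            "visitedIds": [], "pageAddress": page}


def build_demo():
    """Constructed two-node hierarchy: E-PLS1 with E-PLS2 as its default second PLS."""
    e1 = EPLS("E-PLS1", routing_rights={"pen-207"}, services={
        "1.2.4.*": {"name": "service-1", "pens": {"pen-207"},
                    "URL": "http://as1.intranet.example/url1"},
        "1.2.5.2": {"name": "service-2", "pens": {"pen-207"},
                    "URL": "http://as1.intranet.example/url2"},
    })
    e2 = EPLS("E-PLS2", routing_rights={"E-PLS1"}, peer_rights={"E-PLS1"}, services={
        "1.3.x.x": {"name": "service-3", "pens": {"pen-207"},
                    "URL": "http://as2.intranet.example/url3"},
    })
    e1.default_route = e2
    e2.default_route = e1  # deliberate misconfiguration, so unknown areas loop back
    return e1, e2


if __name__ == "__main__":
    e1, _ = build_demo()
    for pen, page in [("pen-207", "1.2.4.7"), ("pen-999", "1.2.4.7"),
                      ("pen-207", "1.3.0.1"), ("pen-208", "1.3.0.1"),
                      ("pen-207", "9.9.9.9")]:
        print(pen, page, e1.lookup(pen_request(pen, page)))
```
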

The second interface means 330 is an Inter PLS 
system interface via which the E-PLS 300, e.g. at regular 
intervals, can ask its parent PLS for template updates. 

25 For example, in the hierarchy in Fig. 2, E-PLS2 is a 
parent PLS to E-PLSl and to E-PLS3. This hierarchy is 
predefined upon configuration of the E-PLSs in the system 
by means of allocating, if desired, a parent PLS to an E- 
PLS. Upon receiving a template update in a response from 

30 the parent PLS over the same interface, the processing 
means 350 can extract e.g. new management rules or other 
new data from the template update, which rules and data 
are to be stored in the first storing means 310 or the 
database 360. The E-PLS 300 may also from a template 

35 update extract new values for data to be stored in a pen, 
which pen is updated with this data following its next 
request to the E-PLS 300 via the device interface 320. 
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The parent PLS can be another E-PLS or the G-PLS. This 
enables the E-PLS 300 to also ask a parent PLS for a 
template update with data of a coded surface area that it 
currently has knowledge of. 

Finally, the E-PLS 300 includes an E-PLS
administration interface 370 via which an enterprise
maintains and controls its E-PLS 300. The control may
relate to the settings of the second storing means 340
for defining the position of the E-PLS in the hierarchy
of E-PLSs, the access to and from other E-PLSs, and so
on, in addition to general E-PLS security management. An
operator of the enterprise preferably performs the
administration by means of a web application executing
within E-PLS 300.

An exemplifying mode of operation of the present
invention will now be described with reference to Figs 4
and 5. Fig. 4 corresponds to the same hierarchy of PLSs as
previously described with reference to the embodiment of
Fig. 2, but with an illustration of the
data/communication flow of the exemplified operation now
to be described. Fig. 5 shows a flow chart with a number
of operational steps, which flow chart illustrates some
of the possible alternative flows that the operation of
an E-PLS might undertake according to various embodiments
thereof.

The overall operation starts when a pen user uses
his pen 207 and "ticks" an activation icon on a position
coded surface which is associated with an enterprise
service. The pen 207 encrypts the request, except for the
identity of the pen, using its own unique symmetrical
cryptographic key, and sends the request to the E-PLS
with which it is registered, also called the pen home
PLS, in this case to E-PLS1.

The E-PLS1 receives (step S1) the request from the
pen and extracts a non-encrypted identity of the pen. It
then uses the pen identity to retrieve the pen's
symmetrical cryptographic key with which it decrypts
(step S2) the rest of the request and extracts an
included area address of the surface area that the ticked
activation icon belongs to. The E-PLS1 then checks (step
S3) if the area address corresponds to a service in its
list of managed enterprise application services E-AS1.

If a corresponding service is found, the E-PLS1 will
check (step S4) if the requesting pen has a right to
access the specific service. This check may, e.g., be
performed by means of a stored two-dimensional matrix,
formed by the digital pens registered with the E-PLS1 and
the services managed by the E-PLS1, which matrix stores
indications of which pens have the right to access
which services. Either the pen has the right to access
the service, in which case the E-PLS1 will reply by
sending (step S5) a URL for the service back to the pen,
or the pen does not have the right, in which case the
E-PLS1 responds (step S9) to the pen with an access denied
message.

Assuming in this example that there is no match in
the list of services, the E-PLS1 will then check (step
S6) if the area address matches a second PLS in its list of
externally available PLSs. Alternatively, or if there is
no match, the E-PLS1 may check (step S7) if there is an
externally available default PLS. If there is no available
default PLS, the E-PLS1 responds (step S9) to the pen with
an access denied message. However, if there is an
externally available matching PLS or default PLS, it is
checked (step S8) if the pen has the right to cause
routing of a request to the matching or default PLS. Also
this check may be performed by means of a two-dimensional
matrix, which matrix is formed by the registered digital
pens and the PLSs to which the E-PLS1 is configured to be
able to route a request. Should such routing not be
allowed, the E-PLS1 responds (step S9) to the pen with an
access denied message.

If routing to the matching or default PLS is
allowed, the request is encrypted and routed (step S10)
to the matching second PLS (or the default PLS). This
request, or look-up request, includes the requesting
E-PLS1's identity, the requesting pen's identity and the
area address to which the activation icon belongs etc. In
this case the E-PLS2 receives the request (once again
step S1, but within the operation of E-PLS2), decrypts
and authenticates it (step S2), and checks (step S3) if
the area address corresponds to a service in its list of
managed enterprise application services. Assuming there
is a match, the E-PLS2 checks (step S8) that the service
is not locked and that the requesting E-PLS1 has the
right to cause routing of a request to the matching
enterprise application service E-AS2. The E-PLS2 then
replies to the requesting E-PLS1 with information that
includes the URL for the matching service together with
other information elements as described above with
reference to Fig. 3.

The requesting E-PLS1 thus receives a response to
its request from E-PLS2 (step S11, again within the
operation of E-PLS1) and sends a response to the
requesting pen 207. The response to the pen includes the
URL for the matching service together with other
information regarding, e.g., what kind of data the
device is required to transmit to the application service
in order for the service to be executed, e.g. user data
stored in the device or data recorded from a certain
writing surface area. The pen 207 then uses the URL, and
the other received information, to send a request to the
enterprise application service E-AS2, which service
processes the request and replies to the pen 207.

As is evident from the flow chart of Fig. 5, and
from other parts of this invention disclosure, that a
great number of alternative operation flows are possible
while still falling within the scope of the appended
claims and within the overall spirit and scope of the
present invention.
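
The decision flow of steps S3 to S10, as seen by the pen's home PLS, is sketched below as an added Python example that is not part of the original disclosure. The class and field names, the pen and area identifiers and the URL are constructed for illustration, and the two-dimensional rights matrices are modelled as sets of pairs; decryption (steps S1 and S2) and the checks made inside the second PLS are left out.

```python
# Added illustration of the E-PLS decision flow (steps S3-S10).
# All names and sample data are constructed; area addresses are plain strings.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class EPLS:
    name: str
    services: dict              # area address -> (service name, URL)
    pen_service_rights: set     # pen x service matrix as {(pen id, service name)}
    external_pls: dict = field(default_factory=dict)     # area address -> PLS name
    default_pls: Optional[str] = None
    pen_routing_rights: set = field(default_factory=set) # {(pen id, PLS name)}

    def handle(self, pen_id, area_address):
        """Return ('url', URL), ('route', PLS name) or ('denied', reason)."""
        service = self.services.get(area_address)              # S3: managed service?
        if service is not None:
            svc_name, url = service
            if (pen_id, svc_name) in self.pen_service_rights:  # S4: pen may access?
                return ("url", url)                            # S5
            return ("denied", "pen has no right to service")   # S9
        target = self.external_pls.get(area_address)           # S6: matching PLS?
        if target is None:
            target = self.default_pls                          # S7: default PLS?
        if target is None:
            return ("denied", "no matching or default PLS")    # S9
        if (pen_id, target) not in self.pen_routing_rights:    # S8: pen may route?
            return ("denied", "pen may not route to " + target)  # S9
        return ("route", target)                               # S10

# Constructed configuration for the home PLS of pen-207.
E_PLS1 = EPLS(
    name="E-PLS1",
    services={"area-A": ("E-AS1", "https://as1.example/submit")},
    pen_service_rights={("pen-207", "E-AS1")},
    external_pls={"area-B": "E-PLS2"},
    pen_routing_rights={("pen-207", "E-PLS2")},
)

def demo():
    return [
        E_PLS1.handle("pen-207", "area-A"),  # local service, pen in matrix
        E_PLS1.handle("pen-999", "area-A"),  # local service, pen not in matrix
        E_PLS1.handle("pen-207", "area-B"),  # routed to the matching PLS
        E_PLS1.handle("pen-999", "area-B"),  # routing right missing
        E_PLS1.handle("pen-207", "area-C"),  # no match and no default PLS
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Every path that lacks an explicit entry in one of the two matrices ends in step S9, so a pen or area address unknown to the E-PLS is denied rather than forwarded.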



